345 hack event(s)
Description of the event: According to BlockSec monitoring, an unknown contract on the BSC (BNB Smart Chain)—suspected to be the LML/USDT staking protocol—has been exploited for approximately $950,000. Analysis indicates the vulnerability stems from a pricing design flaw: claimable rewards are calculated based on TWAP (Time-Weighted Average Price) or snapshot prices, allowing the attacker to sell reward tokens at manipulated spot prices. The attacker first pushed up the price of LML by executing trades through a path that included a zero-address recipient. Subsequently, they invoked the claim function via an address where tokens had been previously deposited, directly capturing the rewards during the exploit.
Amount of loss: $ 950,000 Attack method: Price Manipulation & Oracle Arbitrage Exploit
Description of the event: According to monitoring by BlockSec Phalcon, a suspicious transaction targeting an unknown contract (Stake) on the BSC chain has been detected, resulting in a loss of approximately $133,000. The attacker exploited a spot price dependency vulnerability within the Stake contract. By manipulating the price of TUR in the TUR-NOBEL pool and subsequently staking TUR, the attacker triggered reward calculations based on the artificially inflated price. They then claimed the amplified rewards through a referral account and ultimately profited by swapping the stolen TUR for USDT.
Amount of loss: $ 133,000 Attack method: Oracle Manipulation
Description of the event: According to BlockSec Phalcon's monitoring, the BCE-USDT pool on PancakeSwap (BSC chain) was exploited a few hours ago, resulting in a loss of approximately $679,000. The root cause lies in a vulnerability within the BCE token's burn mechanism. The attacker deployed two malicious contracts to bypass buy/sell restrictions and trigger the token burn, ultimately extracting about $679,000 from the pool by manipulating its reserves.
Amount of loss: $ 679,000 Attack method: AMM Reserve Manipulation
Description of the event: An attacker exploited a vulnerability in the Venus Protocol, utilizing flash loans to acquire a substantial amount of assets. In this attack, the attacker’s address (0x1a35...6231) successfully obtained 20 BTC, 1.5 million CAKE, and 200 BNB, with a total value exceeding $3.7 million. To execute the operation, the attacker used a large quantity of THE tokens as collateral to borrow CAKE, BTCB, and BNB, triggering continuous liquidations of THE tokens. According to the latest investigation by Allez Labs, the risk management team for Venus Protocol, the attack originated from manipulation of the supply cap in the BNB Chain core pool. Starting in June 2025, the attacker gradually accumulated THE tokens, increasing their holdings over nine months to 84% of the supply cap (approximately 14.5 million THE). Subsequently, the attacker bypassed the normal deposit process by directly transferring tokens to the protocol contracts, completely circumventing the supply cap and ultimately establishing a position of 53.2 million THE—3.67 times the designated limit. Exploiting the low on-chain liquidity of THE tokens, the attacker manipulated the TWAP oracle, driving THE’s price from $0.27 to $0.53, thereby borrowing significant amounts of other assets. At its peak, the attacker used 53.2 million THE as collateral to borrow 6.67 million CAKE, 2,801 BNB, 1,970 WBNB, 1.58 million USDC, and 20 BTCB. To prevent further losses, Venus Protocol has suspended borrowing and withdrawal functionalities for markets involving THE assets, as well as other markets with highly concentrated liquidity, such as BCH, LTC, UNI, AAVE, FIL, and TWT. However, other Venus markets remain unaffected and continue to operate normally. Venus stated it will continue collaborating with security partners to conduct a thorough investigation of the incident and provide timely updates.
Amount of loss: $ 2,150,000 Attack method: Flash Loan assisted Oracle Manipulation Attack
Description of the event: The AM/USDT pool on the BSC chain was exploited several hours ago, with estimated losses of approximately $131,000. The root cause lies in a vulnerability within the burn mechanism, which was exploited to manipulate the AM reserves in the pool and artificially inflate the token price. The attacker first manipulated the toBurnAmount and then triggered the burn logic after the AM balance in the pool had been adjusted. This drove the AM reserves down to an unnaturally low level, allowing the attacker to sell AM back to the pool at an inflated price to realize a profit.
Amount of loss: $ 131,000 Attack method: Leveraging flash loans for reserve manipulation
Description of the event: According to BlockSec Phalcon's monitoring, a suspicious transaction targeting the MT-WBNB liquidity pool on BSC was detected several hours ago, resulting in an estimated loss of approximately $242,000. The root cause lies in a flaw within the buyer restriction mechanism: under deflationary mode, normal buy orders were reverted; however, the router and pair addresses were whitelisted. The attacker bypassed these restrictions by swapping and removing liquidity through the router to acquire MT tokens from the pair. Subsequently, the attacker sold MT to accumulate a pendingBurnAmount and invoked the distributeFees() function to directly burn MT from the trading pair, artificially inflating the price. This allowed the attacker to swap MT back for WBNB to realize a profit. Furthermore, a referral rule that allowed the transfer of the first 0.2 MT to bypass buyer restrictions enabled the attacker to initiate the exploit.
Amount of loss: $ 242,000 Attack method: Burn Mechanism Manipulation
Description of the event: According to BlockSec monitoring, an unknown contract on the BSC network was exploited. The attacker leveraged a design flaw in the “burn pair” mechanism to execute two reverse swaps, resulting in losses of approximately $100,000. The attacker first drained PGNLZ tokens, then triggered PGNLP burns and price manipulation, ultimately siphoning off most of the USDT from the liquidity pool.
Amount of loss: $ 100,000 Attack method: Contract Vulnerability
Description of the event: According to TenArmorAlert, a sandwich attack involving OLY has been detected on BSC, causing estimated losses of around $63,400.
Amount of loss: $ 63,400 Attack method: Sandwich Attack
Description of the event: On the BSC network, an unknown smart contract MSCST suffered a flash loan attack, resulting in an estimated loss of approximately $130,000. The root cause of the exploit lies in the lack of access control (ACL) within the releaseReward() function of the MSCST contract, which allowed the attacker to manipulate the price of the GPC token in the PancakeSwap liquidity pool (address: 0x12da).
Amount of loss: $ 130,000 Attack method: Flash Loan Attack
Description of the event: According to SlowMist founder Yu Cos and ZEROBASE officials, a malicious contract on the BSC chain, “Vault” (0x0dd2…2396), impersonated the ZEROBASE frontend to trick users into authorizing USDT. The incident is suspected to have occurred due to a compromise of the ZEROBASE frontend and was not an issue with the Binance Web3 wallet itself. So far, hundreds of addresses have been affected, with the largest single loss reaching $123,000. The stolen funds have been transferred to the Ethereum address 0x4a57…fc84. ZEROBASE has enabled an authorization monitoring mechanism, and the community is urging users to quickly revoke risky authorizations via revoke.cash.
Amount of loss: $ 123,000 Attack method: Frontend Attack
Description of the event: According to on-chain security analyst ZachXBT, the payment project GANA Payment on the BSC chain was attacked a few hours ago, resulting in an estimated loss of $3.1 million. The attacker has deposited 1,140 BNB (around $1.04 million) into Tornado Cash on BSC, and transferred funds to Ethereum via a cross-chain bridge. Of these funds, 346.8 ETH (around $1.05 million) has also been deposited into Tornado Cash on Ethereum. Currently, another 346 ETH (about $1.046 million) remains idle in an Ethereum address starting with 0x7a.
Amount of loss: $ 3,100,000 Attack method: Unknown
Description of the event: The attackers exploited a misconfigured LayerZero bridge along with a compromised private key for the GAIN BSC contract. By setting a malicious peer contract on Ethereum, they bypassed validation checks and minted 5 billion counterfeit GAIN tokens on BSC. The attackers then sold approximately 150 million of these counterfeit tokens (about 2.8% of the total fake supply) on PancakeSwap, cashing out around USD 3 million.
Amount of loss: $ 3,000,000 Attack method: Private Key Leakage
Description of the event: ABCCApp on BSC was reportedly attacked, resulting in a loss of approximately $10.1K. The root cause was that the contract’s addFixedDay() function lacked access control, and fixedDay was used in calculating claimable USDT.
Amount of loss: $ 10,100 Attack method: Contract Vulnerability
Description of the event: D3X AI (@D3X_AI) was attacked on BSC, resulting in a loss of approximately $158.9K. The root cause was that the exchange() function of contract 0xb8ad relied on the spot price of the d3xat token from a UniswapV2 pair, which the attacker exploited through a price manipulation attack.
Amount of loss: $ 158,900 Attack method: Price Manipulation
Description of the event: According to monitoring by SlowMist's MistEye security system, VDS on the BSC appears to have been attacked, with an estimated loss of around $13,000.
Amount of loss: $ 13,000 Attack method: Business Logic Flaw
Description of the event: A suspicious attack involving MEV bot 0xb5cb occurred on BSC, resulting in losses of approximately $2 million.
Amount of loss: $ 2,000,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, the digital asset wealth management platform Nexo suffered a sandwich attack due to a lack of access control in one of its contracts, resulting in a loss of approximately $31,000.
Amount of loss: $ 31,535 Attack method: Contract Vulnerability
Description of the event: Mobius Token on BSC is suspected to have been exploited, with estimated losses of $2.15 million.
Amount of loss: $ 2,150,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist MistEye security monitoring system, LIFE Protocol has been attacked, resulting in a loss of over $51,000.
Amount of loss: $ 51,000 Attack method: Price Manipulation
Description of the event: According to the SlowMist MistEye security monitoring system, ACB appears to have been attacked on BSC, resulting in a loss of approximately $22,000.
Amount of loss: $ 22,804 Attack method: Contract Vulnerability